TITLE OF THE INVENTION
ENCRYPTION/DECRYPTION APPARATUS, ENCRYPTION/DECRYPTION
METHOD, AND PROGRAM STORAGE MEDIUM THEREFOR



BACKGROUND OF THE INVENTION 
This application is based on Japanese Patent
Application No. 10-233921, filed August 20, 1998, the
contents of which are incorporated herein by reference.

The present invention relates to an encryption/
decryption apparatus and method and, more particularly,
to an encryption/decryption apparatus and method which
use secret key block encryption and a program storage
medium therefor.

The DES (Data Encryption Standard) is secret key
block encryption that has currently been used most
widely, which is described in detail in Jpn. Pat. Appln.
KOKAI Publication No. 51-108701.

The DES has been evaluated in various viewpoints,
and decryption methods such as a differential
decryption method and linear decryption method, which
are more effective than a key exhaustive search method,
have been proposed.

Note that the differential decryption method is
disclosed in E. Biham and A. Shamir, "Differential
Cryptanalysis of DES-like Cryptosystems," Journal
of CRYPTOLOGY, Vol. 4, Number 1, 1991. The linear
decryption method is disclosed in Mitsuru Matsui,
"Linear Decryption of DES cipher text (I)", Encryption
and Information Security Symposium, SCIS93-3C, 1993.

There is a new decryption method based on power
consumption differences. In this method, power
consumption differences between given bits of data
(power consumption corresponding to bit 0 and power
consumption corresponding to bit 1) are measured to
estimate bits. In the case of the DES, for example,
an input to an S-box and a corresponding output are
estimated on the basis of a known ciphertext output and
estimation of a key. A power consumption difference
that appears when a given one bit is 0 or 1, which is
estimated on the basis of the output from the S-box,
is measured to check the validity of estimation, i.e.,
the validity of estimation of the key.

For this reason, there is a possibility that a DES
ciphertext is decrypted by the above method, and hence
higher security has been required.

BRIEF SUMMARY OF THE INVENTION 
It is an object of the present invention to
provide an encryption/decryption apparatus and method
which make it difficult to perform decryption by
a technique based on power consumption differences
without changing the data encryption processing result
obtained by a conventional encryption/decryption
apparatus and method, and a program storage medium for
the apparatus and method.

In order to achieve the above object, according to
the first aspect of the present invention, there is
provided an encryption apparatus for converting a
plaintext block into a ciphertext block depending on
supplied key information, comprising means for randomly
selecting one pattern of each of pairs ai, āi (where
i is a positive integer not less than one) of one or
a plurality of predetermined mask patterns and mask
patterns obtained by bit inversion of the predetermined
mask patterns every time encryption is performed,
means for masking bits dependent on a plaintext within
the apparatus with the mask pattern selected by the
selection means, and means for removing an influence of
the mask a from a ciphertext before the ciphertext is
output.

According to the second aspect of the present
invention, there is provided an encryption apparatus
for converting a plaintext block into a ciphertext
block depending on supplied key information, comprising
means for randomly selecting one pattern of each of
pairs ai, āi (where i is a positive integer not less
than one) of one or a plurality of predetermined mask
patterns and mask patterns obtained by bit inversion of
the predetermined mask patterns every time encryption
is performed, means for masking intermediate bit data
within the apparatus with the mask pattern selected
by the selection means, and means for removing an
influence of the mask a from the intermediate bit data
masked by the masking means.

According to the third aspect of the present
invention, there is provided an encryption method of
converting a plaintext block into a ciphertext block
depending on supplied key information, comprising the
steps of randomly selecting one pattern of each of
pairs ai, āi (where i is a positive integer not less
than one) of one or a plurality of predetermined mask
patterns and mask patterns obtained by bit inversion of
the predetermined mask patterns every time encryption
is performed, masking bits dependent on a plaintext
within the method with the selected mask pattern, and
removing an influence of the mask a from a ciphertext
before the ciphertext is output.

According to the fourth aspect of the present
invention, there is provided an encryption method of
converting a plaintext block into a ciphertext block
depending on supplied key information, comprising the
steps of randomly selecting one pattern of each of
pairs ai, āi (where i is a positive integer not less
than one) of one or a plurality of predetermined mask
patterns and mask patterns obtained by bit inversion of
the predetermined mask patterns every time encryption
is performed, masking intermediate bit data within the
method with the selected mask pattern, and removing an
influence of the mask a from the masked intermediate
bit data.



According to the fifth aspect of the present 
invention, there is provided a computer-usable program 
storage medium storing computer-readable program 
code means for converting a plaintext block into a 
ciphertext block depending on supplied key information, 
comprising computer-readable program code means for 
causing a computer to randomly select one pattern of 
each of pairs ai, āi (where i is a positive integer not
less than one) of one or a plurality of predetermined 
mask patterns and mask patterns obtained by bit 
inversion of the predetermined mask patterns every time 
encryption is performed, computer-readable program code 
means for causing the computer to mask bits dependent 
on a plaintext within the method with the selected mask 
pattern, and computer-readable program code means for 
causing the computer to remove an influence of the mask 
a from a ciphertext before the ciphertext is output.

According to the present invention, original data
is masked, and the mask is removed immediately before
it is input to each S-box. When this mask is removed,
there is a possibility that the data may be decrypted
by the above technique based on power consumption
differences. For this reason, according to the present
invention, mask removal processing immediately before
the data is input to each S-box, input operation of
the original data to each S-box immediately after mask
removal, and masking operation for the output from each
S-box are calculated in advance and stored as a table,
and the calculation result is obtained by looking up
the table. Because neither calculation of an exclusive
OR for mask removal nor calculation of an exclusive OR
for masking is performed during encryption and
decryption, the data cannot be decrypted by the
technique based on power consumption differences.

According to the present invention, consistency 
of encryption and decryption is ensured, and security 
against the decryption technique based on power 
consumption differences can be improved by making it 
difficult to decrypt data by the technique based on 
power consumption differences. 

Additional objects and advantages of the invention
will be set forth in the description which follows, and
in part will be obvious from the description, or may
be learned by practice of the invention. The objects
and advantages of the invention may be realized and
obtained by means of the instrumentalities and
combinations particularly pointed out hereinafter.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING 

The accompanying drawings, which are incorporated
in and constitute a part of the specification,
illustrate presently preferred embodiments of the
invention, and together with the general description
given above and the detailed description of the
preferred embodiments given below, serve to explain the
principles of the invention.

FIG. 1 is a block diagram showing the overall 
arrangement of a DES algorithm; 

FIG. 2 is a block diagram showing the arrangement
of the round functions of the DES; 

FIG. 3 is a table showing an example of the 
contents of an S-box conforming to a DES standard 
table; 

FIG. 4 is a block diagram showing an arrangement 
in which masks are added to round functions according 
to the present invention; 

FIG. 5A is a circuit diagram showing an arrangement
in which a mask is added to the input round
according to the present invention;

FIG. 5B is a circuit diagram showing an arrangement
in which a mask is added to the final round
according to the present invention;

FIG. 6 is a table showing an expansion E; 

FIG. 7 is a table showing a permutation P; 

FIG. 8 is a view showing a concealed output from
S1 which corresponds to an input (000000, 000001, ...,
111111) in the use of a mask a;

FIG. 9 is a table of a mask ā (bit inversion
of a);

FIG. 10 is a block diagram showing an arrangement 
of a DES algorithm according to an embodiment; 

FIG. 11 is a block diagram showing an arrangement
obtained by adding masks to the round functions in the
arrangement in FIG. 10;

FIG. 12 is a block diagram showing the arrangement 
of S in FIG. 11; 

FIG. 13 is a block diagram showing another 
arrangement of a DES algorithm according to an 
embodiment;

FIG. 14 is a block diagram showing an arrangement 
obtained by adding masks to the round functions in the 
arrangement in FIG. 13; 

FIG. 15 is a block diagram showing the arrangement 
of S in FIG. 14; 

FIG. 16 is a block diagram showing the arrangement 
of a key scheduler of a DES algorithm; 

FIG. 17 is a block diagram showing an arrangement 
in which a mask is added to the key scheduler according 
to the present invention; 

FIG. 18 is a block diagram showing an arrangement 
in which the mask added to the key scheduler is added 
to each round function according to the present 
invention; 

FIG. 19 is a flow chart showing the flow of
processing in an encryption method according to an
embodiment, which includes the step of masking bits
dependent on a plaintext with selected mask patterns
and the step of removing the influence of the masks
described above from the ciphertext before it is
output;

FIG. 20 is a flow chart showing the flow of
processing in an encryption method according to 
an embodiment; 

FIG. 21 is a flow chart showing the flow of 
processing in an encryption method according to an 
embodiment, which includes the step of removing the 
influence of masks from intermediate bit data during 
an encryption procedure and the step of masking the 
data with mask patterns; 

FIG. 22 is a flow chart associated with an 
encryption procedure according to an embodiment of 
the present invention; and 

FIG. 23 is a block diagram showing the arrangement
of an IC card that implements the encryption/decryption 
method, and program storage medium therefor according 
to the present invention described above. 

DETAILED DESCRIPTION OF THE INVENTION 

An embodiment of the present invention will be 
described below with reference to the views of the 
accompanying drawing. 

FIG. 1 shows an arrangement of an encryption
algorithm DES to which the present invention is applied.
This arrangement is comprised of a data scrambler 1
including 1st to 16th rounds for scrambling a plaintext
(64 bits) 3 depending on an externally input key 8
and outputting a corresponding ciphertext and a key
scheduler 2 for expanding key information 8 into an
intermediate key to be supplied to the data scrambler 1.

Referring to FIG. 1, the plaintext (64 bits) 3 is
subjected to an initial permutation IP 4 first, and
then divided into two equal halves. The left 32-bit
data and right 32-bit data of the two equal halves
are respectively input to a round function 5. The
structure of the round function will be described later.
The left 32-bit data and right 32-bit data output from
the round function are interchanged and input to the
next round function.

After these data are processed by the 16 round
functions, a ciphertext 7 is output by a final
permutation IP^-1 6.

FIG. 2 is a block diagram showing the details of
the round function 5 in FIG. 1. A round function 17
is constituted by a permutation E 11, exclusive OR 13,
S-boxes 14, permutation P 15, and exclusive OR 16.

The right 32-bit data is extended into 48-bit data
by the permutation E 11. The resultant data is output
to the exclusive OR 13. The exclusive OR 13 outputs
the exclusive OR of the output from the permutation E
11 and an extended key 12. The 48-bit data output from
the exclusive OR 13 is equally divided into 6-bit data.
Each 6-bit data is input to a corresponding one of the
S-boxes 14. In this embodiment, each S-box is formed
from a table, and outputs 4-bit data with respect to
a 64-entry 6-bit input. According to S1 based on the
DES, if the left and right ends of a 6-bit input are
respectively regarded as the first and sixth bits,
a row in a table of the S-box in FIG. 3 is designated
by the first and sixth bits regarded as binary numbers.
Note that the row numbers in the table of the S-box
shown in FIG. 3 are counted from above as the 0th, 1st,
2nd, and 3rd rows. A column number is then designated
by the four remaining bits regarded as a binary number.
The column numbers are also counted from the left end
as the 0th, 1st, 2nd, 3rd, ..., 15th columns. If, for
example, 011011 is input to S1, the row number is 01.
That is, the second row from above is designated.
Since the column number is 01101, i.e., 13 (14th column
from left), the value in the table is 15. Therefore,
S1 outputs this value in binary notation, i.e., 0101.
Referring to FIG. 3, each output from the S-box is
designated by a row and column. In general, however,
such an S-box is formed as a table corresponding to
inputs ranging from 0 to 63. The 32-bit data obtained
by combining outputs from the respective S-boxes
is subjected to bit permutation operation by the
permutation P 15. The resultant data is output to
the exclusive OR 16. The exclusive OR 16 outputs the
exclusive OR of the left 32-bit data and the output
from the permutation P 15.

FIG. 4 is a circuit diagram showing the details of
the round function 5 in FIG. 4 and the round function
17 in FIG. 2. FIG. 5A shows an arrangement for an
input to the first round function. FIG. 5B shows an
arrangement for an output from the 16th round function.

An embodiment of the present invention will be
described in detail below with reference to FIGS. 4, 5A,
and 5B.

Referring to FIG. 4, reference symbols a and b
respectively denote 32-bit masks; and ā, inversion
of all bits. In a round function 35 in FIG. 4, an
exclusive OR 25 calculates the exclusive OR of the
right 32-bit data and an output from a switch SW23 and
outputs it to an expansion E 26. An output from the
expansion E 26 is exclusive-ORed with an extended key
Ki by an exclusive OR 27. The resultant data is output
to a switch SW12. The switch SW12 causes the data to
branch in accordance with a random number sequence Rij.
If Rij is 0, the switch SW12 causes the data to branch
to the 0 side. If Rij is 1, the switch SW12 causes the
data to branch to the 1 side.

FIG. 4 shows the arrangement of each S-box after 
branching at the switch SW12. An S-box 29 corresponds 
to S1 to S8 based on the DES.

When the switch SW12 causes data to branch to the
0 side, the process indicated by a dashed line 34a is
performed. More specifically, an exclusive OR 32a
calculates the exclusive OR of the output from the
exclusive OR 27 and six bits (E(a)) of the result
obtained by performing the expansion E for the mask a
which corresponds to an input of the S-box, and outputs
the resultant data to the S-box 29. The S-box 29
outputs the result obtained by looking up the table of
the S-box to an exclusive OR 33a.

The exclusive OR 33a calculates the exclusive OR
of bits of P^-1(a) as the result obtained by performing
inverse permutation P^-1 for the mask a and the output
from the S-box 29, and outputs the resultant data to
the switch SW11.

When the switch SW12 causes the data to branch to
the 1 side, the process indicated by a dashed line 34b
is performed. More specifically, an exclusive OR 32b
calculates the exclusive OR of the output from the
exclusive OR 27 and bits of the result obtained by
performing the expansion E for the mask ā which
corresponds to an input of the S-box, and outputs the
resultant data to the S-box 29. The S-box 29 looks up
the table of the corresponding S-box and outputs the
resultant data to the exclusive OR 33b.

The exclusive OR 33b calculates the exclusive OR
of four bits of P^-1(ā) as the result obtained by
performing inverse permutation P^-1 of a permutation
P(30) for the mask ā which corresponds to an output
from the S-box and the output from the S-box 29, and
outputs the resultant data to the switch SW11.

Note that the processes indicated by the dashed
lines 34a and 34b must not be performed during
encryption and decryption. This is because, even if
data is concealed with the above mask, since input/
output operation of the S-box 29 is not concealed,
decryption may be attempted by using power consumption
differences in S-box processing.

In this embodiment of the present invention, the
results of the processes indicated by the dashed lines
34a and 34b are obtained first by pre-calculation
performed before encryption and decryption, and
encryption processing and decryption processing are
then performed. For example, a table in which the
index of each input to each S-box and a corresponding
output are rewritten is prepared for each S-box, and
is used for encryption and decryption. In this case,
a table of an S-box corresponding to the mask a and
a table of an S-box corresponding to the mask ā are
prepared. For example, the following is the result
obtained by calculating the process block 34a in FIG. 4
using the mask a. Assume that the mask a is (0110 1111
1100 1010 0110 1100 1100 0011). The expansion E is
expressed by the table shown in FIG. 6. In the table
shown in FIG. 6, the respective rows correspond to
inputs to S1, S2, ..., S8 from above. In addition, the
first bit on the left end of each column corresponds to
the first bit of an input to a corresponding S-box.
Each number in the table represents the Xth bit of
a corresponding input to the expansion E. That is,
the input to S1 includes the 32nd, 1st, 2nd, 3rd, 4th,
and 5th bits of the input to E. With the above mask a,
therefore, a bit mask E(a) corresponding to the input
to S1 is (101101). FIG. 7 shows a table of the
permutation P. Referring to FIG. 7, the numbers
sequentially correspond to the first to 32nd bits of
the output from P from the left (the first and second
rows are contiguous). Each term represents the Xth bit
of an input. That is, the first bit of the output from
permutation P is the 16th bit of the input. The bits
corresponding to S1 are the 1st, 2nd, 3rd, and 4th bits
of the input to the permutation P, and hence
respectively correspond to the 9th, 17th, 23rd, and
31st bits of the output from P. Since a mask
corresponding to the output from S1 is P^-1(a), i.e.,
the output from P is a, the 9th, 17th, 23rd, and 31st
bits of the mask a become P^-1(a). The mask
corresponding to the output from S1 is therefore
(1001). With the above mask a, therefore, a bit mask
E(a) corresponding to the input to S1 is (101101), and
a bit mask P^-1(a) corresponding to the output from S1
is (1001). According to the actually formed table
corresponding to the mask a, the output from S1 is
calculated by using the result of the exclusive OR of
the input and the bit mask E(a) as the input to S1, and
an output from the table is obtained by adding the bit
mask P^-1(a) to the output from S1 by exclusive OR.
FIG. 8 shows an output (corresponding to an input of
0 to 63) of concealed S1 when the input corresponds to
(000000, 000001, ..., 111111), in the case of the above
mask a. FIG. 9 shows a table of the mask ā (bit
inversion of a).
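
The table construction described above, worked through for S1 as an added example (it is not code from the patent). It assumes the standard DES tables E, P and S1; the function names are illustrative.

```python
# Added illustration (not from the patent): precomputing the concealed S1 table.
# E, P and S1 are the standard DES tables; bit 1 is the leftmost bit throughout.
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]

MASK_A = 0b0110_1111_1100_1010_0110_1100_1100_0011  # mask a assumed in the text
ALL_ONES = 0xFFFFFFFF


def bit(x, pos, width):
    """Bit number pos (1 = leftmost) of a width-bit value."""
    return (x >> (width - pos)) & 1


def expand(x):
    """Expansion E: 32-bit value -> 48-bit value."""
    out = 0
    for src in E:
        out = (out << 1) | bit(x, src, 32)
    return out


def p_inverse(y):
    """Inverse permutation P^-1: the 32-bit input of P that yields output y."""
    x = 0
    for out_pos, in_pos in enumerate(P, start=1):
        x |= bit(y, out_pos, 32) << (32 - in_pos)
    return x


def sbox1(x6):
    """Plain S1: row from bits 1 and 6, column from bits 2 to 5."""
    row = (bit(x6, 1, 6) << 1) | bit(x6, 6, 6)
    return S1[row][(x6 >> 1) & 0xF]


def s1_masks(mask):
    """(6-bit input mask, 4-bit output mask) that a 32-bit mask induces on S1."""
    return expand(mask) >> 42, p_inverse(mask) >> 28


def concealed_s1(mask):
    """Table for process block 34a/34b: index = masked input, entry = masked output."""
    in_mask, out_mask = s1_masks(mask)
    return [sbox1(x ^ in_mask) ^ out_mask for x in range(64)]


def build_tables(mask):
    """Tables selected by the random bit: 0 -> mask a, 1 -> its bit inversion."""
    return {0: concealed_s1(mask), 1: concealed_s1(mask ^ ALL_ONES)}


def lookup_is_consistent(mask):
    """A lookup on masked data must equal the plain S1 output, re-masked."""
    tables = build_tables(mask)
    for r, m in ((0, mask), (1, mask ^ ALL_ONES)):
        in_mask, out_mask = s1_masks(m)
        for x in range(64):                      # x: true (unmasked) S1 input
            masked_out = tables[r][x ^ in_mask]  # encryption only sees masked values
            if masked_out ^ out_mask != sbox1(x):
                return False
    return True


if __name__ == "__main__":
    in_mask, out_mask = s1_masks(MASK_A)
    print(f"E(a) bits for S1    = {in_mask:06b}")
    print(f"P^-1(a) bits for S1 = {out_mask:04b}")
    print("concealed S1 for mask a:", concealed_s1(MASK_A))
    print("consistent for both tables:", lookup_is_consistent(MASK_A))
```

The two exclusive ORs appear only inside `concealed_s1`, which runs before any encryption; at encryption time the device indexes the selected table with already-masked data.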

The outputs from the respective process blocks
indicated by the dashed lines 34a and 34b are
permutated by a permutation P 30. The resultant data
is output to an exclusive OR 31. The exclusive OR 31
calculates the exclusive OR of the left 32-bit data and
the output from the permutation P 30. An exclusive OR
24 calculates the exclusive OR of the right 32-bit data
and the output from the switch SW13 to obtain new right
32-bit data.

Referring to FIG. 5A, the result obtained by
permutating the plaintext (64 bits) by initial
permutation IP 41a is divided into equal halves, i.e.,
right 32-bit data and left 32-bit data. An exclusive
OR 44a calculates the exclusive OR of the left 32-bit
data and an output from a switch SW21. The output from
this exclusive OR 44a becomes the left 32-bit data of
an input of the first round function. An exclusive OR
42a calculates the exclusive OR of the right 32-bit
data and an output from a switch SW14. An exclusive OR
43a calculates the exclusive OR of the output from the
exclusive OR 42a and an output from a switch SW22.
The output from the exclusive OR 43a becomes the
right 32-bit data of an input of the first round
function. In the case shown in FIG. 5A, the sequence
of the exclusive ORs 42a and 43a may be interchanged
in accordance with the characteristics of the
exclusive ORs.

Referring to FIG. 5B, the result obtained by 
permutating the plaintext (64 bits) by initial 
permutation IP 41a is divided into equal halves, i.e., 
right 32-bit data and left 32-bit data. An exclusive 
OR 44b calculates the exclusive OR of the left 32-bit 
data and the output from the switch SW21. This 
eliminates the influence of the mask in the exclusive 
OR 43a in FIG. 5A. The output from the exclusive OR 
44b is input to a final permutation IP^-1 41b. An
exclusive OR 42b calculates the exclusive OR of the 
right 32-bit data and the output from the switch SW14. 
An exclusive OR 43b calculates the exclusive OR of the 
output from the exclusive OR 42b and the output from 
switch SW22. This eliminates the influence of the mask 
in the exclusive OR 44a in FIG. 5A. The output from 
the exclusive OR 43b is input to the final permutation 
IP^-1 41b. Referring to FIG. 5B, the sequence of
the exclusive ORs 42b and 43b may be interchanged 
in accordance with the characteristics of the 
exclusive ORs. 

The characteristics of the arrangement shown in
FIGS. 4, 5A, and 5B will be described below.

The exclusive ORs 44a, 42a, and 43a conceal data
by using masks such as the masks a and b. With this
operation, in the data scrambler, it is difficult to
observe the left 32-bit data and right 32-bit data from
the outside world. If, however, data is concealed by
using the above masks, inputs to the respective S-boxes
14 in FIG. 2 differ from the original plaintext data,
and hence outputs from the S-boxes differ. Therefore,
the output ciphertext does not correspond to the
original plaintext data.

In order to solve the above problem, in each round
function, the exclusive OR 25 in FIG. 4 calculates the
exclusive OR of the mask b or mask b̄. This eliminates
the influence of concealment using the mask b or b̄
added in FIG. 5A. If the switch SW12 causes the
data to branch to the 0 side, the exclusive OR 32a
eliminates the influence of concealment using the mask
a in FIG. 5A. That is, the input to S29 becomes the
same as the original plaintext input. The output from
S29 is concealed again by the exclusive OR 33a using
the mask a. In this case, since the process block 34a
is performed in advance by looking up the table, no
significant changes in power consumption data directly
associated with the input/output operation of S29 can
be observed from the outside world.

The exclusive OR 24 in FIG. 4 temporarily
eliminates the influence of the mask a or ā on the
right 32-bit data. However, the right 32-bit data is
still concealed by the mask b or b̄, and hence security
is ensured. The right 32-bit data becomes left 32-bit
data on the next round. The exclusive OR 31 calculates
the exclusive OR of the left 32-bit data and the output
from permutation P 30. As a consequence, the data is
concealed by the mask a (or ā) and mask b (or b̄) and
becomes a right input on the next round. As described
above, therefore, consistency among the respective
S-boxes is maintained in terms of DES for translation.

At the output of the final round, to eliminate the 
influence of each mask on concealment in FIG. 5A, the 
exclusive OR using each mask in FIG. 5B is performed. 

The switches SW11, SW12, SW13, and SW14 are
controlled by a random number sequence {R1i}.
The switches SW21, SW22, and SW23 are controlled by
a random number sequence {R2i}. For example, each
switch selects a branch to the 0 side when Rji = 0, and
selects a branch to the 1 side when Rji = 1. The
random number sequences {R1i} and {R2i} for controlling
the switches are characterized by being changed for
each of encryption and decryption processes for the
respective blocks. For example, in a given encryption
process, all the switches SW11, SW12, SW13, and SW14 on
the respective rounds perform processing on the 0 side.
In another encryption process, all the switches SW11,
SW12, SW13, and SW14 on the respective rounds perform
processing on the 1 side.

If there is a clear relationship of dependence
between the random number sequences {R1i} and {R2i},
an attacker has a clue to the estimation of the masks
a and b. Random number sequences having no clear
relationship of dependence are therefore used as the
random number sequences {R1i} and {R2i}. Ideally, the
use of two random number sequences which are
statistically independent is recommended. In practice,
however, even if there is a statistical dependence
relationship, this technique is effective as a measure
against decryption based on power consumption
differences, as long as the influence is sufficiently
small. Two m sequence generators may be prepared as
means for implementing the present invention, and
outputs from the first and second m sequence generators
may be respectively set to {R1j} and {R2j}. If the
period of an m sequence is sufficiently long and the
sequence lengths of the two m sequence generators,
corresponding convention polynomials, and part or all
of initial values are made to differ from each other,
the above condition can be sufficiently satisfied. As
another means for implementing random number sequences,
one m sequence generator may be prepared to generate
two bits for each encryption or decryption process.
The first and second bits are respectively used as
{R1j} and {R2j}.

Although the m sequence generators are presented
as practical examples in this case, any random number
sequence generator can be used as long as security in
practice can be ensured. Note that these random number
sequences must be implemented so as not to be estimated
from the outside world. According to still another
implementation means, random number sequences may be
stored in a memory in advance to be sequentially
referred to. Note that these random number sequences
must be implemented so as not to be estimated from the
outside world.

Referring to FIGS. 4, 5A, and 5B, the number of 1s
of a bit sequence, i.e., a Hamming weight, is defined
as H(a). In decryption using the technique based on
power consumption differences, power consumption
differences in a data encryption process are observed
to acquire information about an encryption key.
The concealment of data using the above masks makes it
difficult to bring power consumption measurement from
the outside world into correspondence with processed
data. If, however, the Hamming weights of masks
differ from each other, only data using only the masks
a and b may be extracted in accordance with measurement
of a plurality of encryption data and statistical
information. If only such data can be extracted,
a key can be extracted as in the prior art by using
the decryption technique based on power consumption
differences. Since the currently used mask can be
discriminated as the mask a or ā in this manner,
satisfactory countermeasures cannot be taken. If, for
example, the Hamming weights of the masks a and ā or
masks b and b̄ are set to be equal, it is difficult to
discriminate the masks by measurement from the outside
world, thus ensuring security. If, however, the bit
weights of the masks are offset, the security greatly
deteriorates.

Referring to FIGS. 4, 5A, and 5B, if, therefore,
masks that satisfy H(a) = H(ā) = H(b) = H(b̄) = n/2 =
16 are selected (the Hamming weights of the masks
are equal to each other), high security is ensured.
In this case, since a bit count n of each of the masks
a and b is 32, a mask value of 16 is preferably used as
the bit weight of each of the masks a and b and the bit
inversions of the masks a and b. Ideally, as described
above, a mask having a Hamming weight corresponding to
half of the bit length of the mask is preferably used.
However, the same effect as described above can be
obtained by using two masks having almost the same
Hamming weight. In other words, if the Hamming weight
indicating the number of bits 1 of an n-bit long bit
sequence x is defined as H(x), the Hamming weight H(a)
of the mask a satisfies 0 < H(a) < n. Alternatively,
the absolute value of the difference between the
Hamming weight H(a) of the mask a and the Hamming
weight H(ā) of the bit inversion ā of the mask a is
less than n/2.

That is, if the Hamming weights of the respective 
masks are not extremely offset, it is not easy to 
discriminate the masks by measurement from the outside 
world. Therefore, the effect of a countermeasure 
against the technique based on power consumption 
differences can be obtained. 

Consider the characteristics of the expansion E 26
based on the DES in FIG. 4. For the same reason as
that for the selection of a mask value in consideration
of Hamming weights, masks whose Hamming weights E(a)
and E(ā) applied to the exclusive ORs 32a and 32b are
equal to each other are selected. That is, masks
satisfying H(E(a)) = H(E(ā)) are selected.

When the above mask condition is applied to the
implementation of the DES, for example, it is required
that both the number of 1s of the "first bits" (the
bits on the left ends) of the respective 4-bit blocks
of the mask a and the number of 1s of the "fourth bits"
(the bits on the right ends) of the respective 4-bit
blocks of the mask a are 4 each. That is, this
embodiment is characterized by selecting the masks
a and b that satisfy the above condition. As mask
values that satisfy the above condition,
(10000011111011011110010100100001)2,
(11011010011001010011010110001010)2, and the like can
be used.

Ideally, the use of mask values that satisfy the
above condition is recommended. However, a similar
effect can be obtained if "the number of 1s of the
"first bits" of the respective 4-bit blocks of the
mask a" and "the number of 1s of the "fourth bits" of
the respective 4-bit blocks of the mask a" are not
extremely offset.
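The mask conditions above can be checked mechanically. The following Python sketch is an added example, not part of the original specification: it tests a 32-bit mask against H(a) = H(ā) = 16 and H(E(a)) = H(E(ā)), using the two mask values quoted above. The function names and the rejection-sampling generator are assumptions introduced for illustration.

```python
import secrets

N = 32  # bit length of a mask applied to a 32-bit DES half


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def invert(mask: int, n: int = N) -> int:
    """Bit inversion of an n-bit mask."""
    return ~mask & ((1 << n) - 1)


def expand(x: int) -> int:
    """DES expansion E (32 -> 48 bits).

    Output group j holds input bits 4j-1 .. 4j+4 (0-based from the left,
    wrapping around), so the first and fourth bit of every 4-bit block
    appear twice in the output.
    """
    out = 0
    for j in range(8):
        for i in range(4 * j - 1, 4 * j + 5):
            out = (out << 1) | ((x >> (N - 1 - (i % N))) & 1)
    return out


def edge_bit_counts(mask: int):
    """Number of 1s among the first bits and among the fourth bits
    of the eight 4-bit blocks of the mask."""
    blocks = [(mask >> (28 - 4 * j)) & 0xF for j in range(8)]
    return sum(b >> 3 for b in blocks), sum(b & 1 for b in blocks)


def check_mask(mask: int) -> dict:
    inv = invert(mask)
    first, fourth = edge_bit_counts(mask)
    return {
        "H(a)": hamming_weight(mask),
        "H(~a)": hamming_weight(inv),
        "H(E(a))": hamming_weight(expand(mask)),
        "H(E(~a))": hamming_weight(expand(inv)),
        "first_bits": first,
        "fourth_bits": fourth,
        # Ideal condition from the text: weight n/2 and 4 ones in each
        # of the two duplicated bit positions.
        "ideal": hamming_weight(mask) == N // 2 and first == 4 and fourth == 4,
    }


def random_ideal_mask() -> int:
    """Rejection-sample a mask meeting the ideal condition (assumed helper)."""
    while True:
        m = secrets.randbits(N)
        if check_mask(m)["ideal"]:
            return m


# The two mask values quoted in the text.
PAGE_MASKS = [0b10000011111011011110010100100001,
              0b11011010011001010011010110001010]

# Constructed counterexample: weight 16, but every first and fourth bit
# is 1, so the weights after the expansion E differ by 16.
SKEWED_MASK = 0x99999999

if __name__ == "__main__":
    for m in PAGE_MASKS + [SKEWED_MASK, random_ideal_mask()]:
        print(f"{m:032b}", check_mask(m))
```

Because E duplicates exactly the first and fourth bit of each block, H(E(a)) = H(a) + (count of first-bit 1s) + (count of fourth-bit 1s), which is why the condition is stated in terms of those two counts.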

In using the mask values that satisfy the above
condition, when there is no clear correspondence
between the random number sequences {R1j} and {R2j}
for controlling the switches, even if the same mask
value is used for the masks a and b, effective
countermeasures can be taken against decryption using
the technique based on power consumption differences.



The DES arrangement shown in FIG. 1 is most widely
known. However, DES arrangement methods having
undergone various equivalent modifications to attain
an increase in processing speed have been known.

Modifications in which the present invention is
applied to the DES will be described below.

FIG. 10 shows an equivalent modification of the
DES. In the implementation of the DES in FIG. 10, in
order to improve the processing efficiency, the
permutation E 11 and the permutation P 15 are integrated
into one permutation and processed as an EP 53.
The output obtained by permutating an input plaintext
58 by an initial permutation IP 57 is divided into
equal halves. The right 32-bit data is input to an
expansion E 51a, and the left 32-bit data is input to
an expansion E 51b. The 48 bits output from the
expansion E 51a are the right 48 bits of an input to
the first round. The 48 bits output from the expansion
E 51b are the left 48 bits of an input to the first
round. An exclusive OR 55 calculates the exclusive OR
of the right 48 bits of the input and an extended key
K1, and outputs the resultant data to an S-box 54.
The S-box 54 outputs a corresponding output to the EP
53 by looking up the table. The EP 53 permutates the
input and outputs the resultant data to an exclusive OR
56. The exclusive OR 56 calculates the exclusive OR of
the left 48 bits output from the expansion E 51a and
the output from the EP 53. The resultant data becomes
the right 48 bits of an input to the next round.
The above processing on the first round is repeated up
to the 16th round. The right 48 bits output from the
16th round are input to a contraction permutation E^-1
52a, and the left 48 bits are input to a contraction
permutation E^-1 52b. The respective 32-bit outputs are
input to a final permutation IP^-1 59. As a consequence,
a 64-bit ciphertext 60 is output.

A method of preventing decryption using the
technique based on power consumption differences by
applying the present invention to such a modified DES
will be described below.

FIG. 11 shows an embodiment of the implementation
of the DES in FIG. 10 according to the present
invention. Referring to FIG. 11, "E(a)/E(ā)" indicates
how the switch SW23 applies a mask based on an
exclusive OR. That is, "E(a)/E(ā)" indicates the mask
E(a) or E(ā).

FIG. 11 shows an embodiment which indicates that 
the present invention shown in FIGS. 4, 5A, and 5B can 
be applied to the implementation of the DES in FIG. 10. 

The output obtained by performing an initial
permutation for an input plaintext is divided into two
equal halves. The right 32-bit data is input to
an expansion E 61a, and the left 32-bit data is input
to an expansion E 61b. An exclusive OR 64 calculates
the exclusive OR of the 48-bit data output from the
expansion E 61a and the mask E(a)/E(ā) and outputs the
resultant data to an exclusive OR 65. The exclusive OR
65 calculates the exclusive OR of the output from the
exclusive OR 64 and the mask E(b)/E(b̄) to obtain the
right 48 bits of an input to the first round. Note
that the sequence of the exclusive ORs 64 and 65 may be
interchanged depending on the characteristics of the
exclusive ORs.

An exclusive OR 69 calculates the exclusive OR of
the 48-bit data output from the expansion E 61b and the
mask E(b)/E(b̄) to obtain the left 48 bits of an input
to the first round.

An exclusive OR 66 calculates the exclusive OR of
the right 48 bits of the input and the mask E(a)/E(ā)
to obtain the left 48 bits of an input to the next
round. An exclusive OR 67 calculates the exclusive OR
of the right 48 bits of the input and the mask
E(b)/E(b̄) and outputs the resultant data to an
exclusive OR 68. The exclusive OR 68 calculates the
exclusive OR of the output from the exclusive OR 67 and
the extended key K1 and outputs the resultant data to
S^ 62 ("^" indicates exponentiation). The structure of
S^ 62 will be described later. The output from S^ 62 is
permuted by an EP 63 and output to an exclusive OR 70.

The exclusive OR 70 calculates the exclusive OR
of the left 48 bits of the input data and the output
from the EP 63 to obtain the right 48 bits of an input
to the next round. The processing on the first round
is repeated up to the 16th round. The output from the
final round is subjected to processing reverse to that
for the input to the first round. More specifically,
the right 48 bits are subjected to the exclusive OR 65,
exclusive OR 64, and contraction permutation E^-1,
whereas the left 48 bits are subjected to the exclusive
OR 65 and contraction permutation E^-1. The resultant
two 32-bit data are output to the final permutation.

FIG. 12 shows the structure of S^ 62 in FIG. 11.

Referring to FIG. 12, α = E(a) and ᾱ = E(ā).
An exclusive OR 71 calculates the exclusive OR of
an input to S^ 62 and a mask α or ᾱ and inputs the
resultant data to an S-box 72. An exclusive OR 73
calculates the exclusive OR of the output from the
S-box 72 and a mask P^-1 E^-1(α) or P^-1 E^-1(ᾱ) to
obtain an output from S^ 62.

That is, a block 74 in FIG. 12 corresponds to the
process blocks 34a and 34b including the switches SW12
and SW11 in FIG. 4. Note, however, that the process in
the block 74 must not be performed during encryption
and decryption. This is because, even if data is
concealed with the above mask, since input/output
operation of the S-box 72 is not concealed, decryption
may be attempted by using power consumption differences
in S-box processing.

The embodiment of the present invention is
characterized in that the result of the process in the
block 74 is obtained first by calculation performed
in advance before encryption and decryption, and is
then used for encryption processing and decryption
processing. For example, a table in which the index
of each input to each S-box and a corresponding output
are rewritten is prepared for each S-box and used as S^
for encryption processing and decryption processing.
In this case, an S^ table corresponding to the mask α
and an S^ table corresponding to the mask ᾱ are
prepared in each S-box.

FIG. 13 shows another equivalent modification of
the DES.

In the implementation of the DES in FIG. 13, in
order to improve the processing efficiency, the
expansion E 11 and permutation P 15 are integrated into
one permutation and processed as an EP 83. The output
obtained by permutating an input plaintext 88 by
an initial permutation IP 87 is divided into two
equal halves. The right 32-bit data is input to
a permutation P^-1 81a, and the left 32-bit data is
input to a permutation P^-1 81b. The 32 bits output
from the permutation P^-1 81b are the right 32 bits of
an input to the first round. The 32 bits output from
the permutation P^-1 81b are the left 32 bits of an
input to the first round. The right 32 bits of the
input are input to the EP 83, and the resultant data
obtained by performing an expansion for the input
is output to an exclusive OR 85. The exclusive OR 85
calculates the exclusive OR of the data and the
extended key K1 and outputs the resultant data to an
S-box 84. The S-box 84 outputs a corresponding output
to an exclusive OR 86 by looking up the table. The
exclusive OR 86 calculates the exclusive OR of the left
32 bits output from the expansion E 81b and the output
from the S-box 84 to obtain the right 32 bits of an
input to the next round. The processing on the first
state is repeated up to the 16th round.

At the output of the 16th state, the right 32 bits
are input to a permutation P 82a, and the left 32 bits
are input to a permutation P 82b. The respective
32-bit data are input to a final permutation IP^-1 89.
As a consequence, a 64-bit ciphertext 90 is output.
A method of preventing decryption using the technique
based on power consumption differences by applying the
present invention to such a modification of the DES
will be described below.

FIG. 14 shows an embodiment of the equivalent
modification of the DES in FIG. 13 according to the
present invention.

Referring to FIG. 14, "P^-1(a)/P^-1(ā)" indicates
how the switch SW23 applies a mask based on an
exclusive OR. That is, "P^-1(a)/P^-1(ā)" indicates
a mask P^-1(a) or P^-1(ā).

FIG. 14 shows an embodiment which indicates that 
the present invention shown in FIGS. 4, 5A, and 5B can 
be applied to the implementation of the DES in FIG. 13. 

The output obtained by performing an initial
permutation for an input plaintext is divided into two
equal halves. The right side 32-bit data is input to
a permutation P^-1 91a, and the left 32-bit data is
input to a permutation P^-1 91b. An exclusive OR 94
calculates the exclusive OR of the 32 bits output from
the permutation P^-1 91a and the mask P^-1(a)/P^-1(ā)
and outputs the resultant data to an exclusive OR 95.
The exclusive OR 95 calculates the exclusive OR of the
output from the exclusive OR 94 and the mask
P^-1(b)/P^-1(b̄) to obtain the right 32 bits of an input
to the first round. Note that the sequence of the
exclusive ORs 94 and 95 may be interchanged depending
on the characteristics of the exclusive ORs.

An exclusive OR 96 calculates the exclusive OR
of the right 32 bits of the input and the mask
P^-1(a)/P^-1(ā) to obtain the left 34 bits of an input
to the next round. An exclusive OR 97 calculates the
exclusive OR of the right 32 bits of the input and the
mask P^-1(b)/P^-1(b̄) and outputs the resultant data to
an EP 93. The 48-bit output obtained by expansion
at the EP 93 is output to an exclusive OR 98 to be
exclusive-ORed with the extended key K1. The resultant
data is output to S^ 92. The structure of S^ 92 will be
described later. The output from S^ 92 is output to
an exclusive OR 100 to be exclusive-ORed with the left
32 bits of the input data so as to obtain the right 32
bits of an input to the next round. The above
processing on the first state is repeated up to the
16th round.

The output from the final round is subjected to
processing reverse to that for the input to the first
round. More specifically, the right 32 bits are
subjected to the exclusive OR 95, exclusive OR 94,
and permutation P, whereas the left 32 bits are
subjected to the exclusive OR 95 and permutation P.
The resultant two 32-bit data are output to the final
permutation.

FIG. 15 shows the structure of S^ 92 in FIG. 14.
Referring to FIG. 15, α = P^-1(a) and ᾱ = P^-1(ā).
An exclusive OR 101 calculates the exclusive OR of
an input to S^ 92 and a mask α or ᾱ and inputs the
resultant data to an S-box 102.

An exclusive OR 103 calculates the exclusive OR of
the output from the S-box 102 and a mask P^-1 E^-1(α) or
P^-1 E^-1(ᾱ) to obtain an output from S^ 92. That is,
a block 104 in FIG. 15 corresponds to the process
blocks 34a and 34b including the switches SW12 and SW11
in FIG. 4. Note, however, that the process in the
block 104 must not be performed during encryption and
decryption. This is because, even if data is concealed
with the above mask, since input/output operation of
the S-box 102 is not concealed, decryption may be
attempted by using power consumption differences in
S-box processing. The embodiment of the present
invention is characterized in that the result of
the process in the block 104 is obtained first by
calculation performed in advance before encryption and
decryption, and is then used for encryption processing
and decryption processing. For example, a table in
which the index of each input to each S-box and
a corresponding output are rewritten is prepared for
each S-box and used as S^ for encryption processing and
decryption processing.

In this case, an S^ table corresponding to the mask
α and an S^ table corresponding to the mask ᾱ are
prepared in each S-box.
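The precomputed S^ tables described for S^ 62 and S^ 92 can be illustrated for a single S-box. The following Python sketch is an added example, not part of the original specification: it builds the two rewritten tables for DES S-box S1 and shows that the table index and output stay masked. The 6-bit and 4-bit mask slices ALPHA and BETA are constructed sample values, and the function names are assumptions.

```python
# DES S-box S1 (standard table).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x: int) -> int:
    """Plain S1 lookup: outer two bits select the row, middle four the column."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def hw(x: int) -> int:
    return bin(x).count("1")


def build_masked_table(in_mask: int, out_mask: int) -> list:
    """Rewritten table S^[y] = S(y ^ in_mask) ^ out_mask.

    Looking it up at a masked index x ^ in_mask returns S(x) ^ out_mask,
    so neither x nor S(x) is handled in the clear at run time.
    """
    return [sbox1(y ^ in_mask) ^ out_mask for y in range(64)]


ALPHA = 0b101100  # constructed 6-bit slice of the input mask
BETA = 0b0110     # constructed 4-bit slice of the output mask

# One table per switch position, computed before any encryption runs.
TABLES = {
    False: build_masked_table(ALPHA, BETA),               # mask
    True: build_masked_table(ALPHA ^ 0x3F, BETA ^ 0xF),   # inverted mask
}


def observed(x: int, inverted: bool):
    """(table index, table output) actually processed for true input x."""
    in_mask = ALPHA ^ 0x3F if inverted else ALPHA
    index = x ^ in_mask
    return index, TABLES[inverted][index]


def unmask_output(y_masked: int, inverted: bool) -> int:
    """Remove the output mask (done later in the data path, not here)."""
    return y_masked ^ (BETA ^ 0xF if inverted else BETA)


if __name__ == "__main__":
    for x in (0b000000, 0b011011, 0b111111):
        (i0, o0), (i1, o1) = observed(x, False), observed(x, True)
        print(f"x={x:06b} HW(x)={hw(x)}  index weights {hw(i0)}+{hw(i1)}"
              f"  output weights {hw(o0)}+{hw(o1)}")
```

For every input, the index weights under the two switch positions add up to 6 and the output weights to 4, so with a random switch the average weight processed by the table is independent of the data.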

An embodiment in which the present invention is
applied to a key scheduler will be described next with
reference to FIGS. 16, 17, and 18.

A mask pattern c for masking a bit pattern K of
a true key and a bit inversion pattern c̄ are prepared.
Let Kc be the value obtained by converting K with c by
using designated dyadic operation, and Kc̄ be the value
obtained by converting K with c̄ by using the same
dyadic operation. The values Kc and Kc̄ are stored
in the memory in advance. Every time encryption or
decryption is executed, one of the values Kc and Kc̄
is randomly selected and processed in the same manner
as the true key. The resultant data is applied to a
plaintext by the above dyadic operation, and inversion
of the dyadic operation is performed to remove the
influence of the pattern c or c̄ from the output
obtained by the dyadic operation. A case wherein the
present invention is applied to a DES scheme as an
encryption scheme using exclusive OR operation as
dyadic operation will be described first. First of all,
two masked keys Kc and Kc̄ are prepared:

Kc = K (+) c
Kc̄ = K (+) c̄

where (+) represents an exclusive OR for each bit.

Prior to encryption or decryption, one of the keys
Kc and Kc̄ is randomly selected, and a key schedule
process of the DES is performed to sequentially
generate 16 extended keys. The 16 keys extended from
Kc are expressed by Kci (i = 1, ..., 16), and the keys
extended from Kc̄ are expressed by Kc̄i (i = 1, ..., 16).
The keys extended from Kc are influenced by the mask c,
and the keys extended from Kc̄ are influenced by the
mask c̄. This influence is determined by the key
schedule process of the DES. In this case, however,
the keys extended from the true key K, which is not
masked, according to a key schedule are expressed by Ki
(i = 1, ..., 16), the exclusive OR of Ki and Kci is
expressed by ci, and the exclusive OR of Ki and Kc̄i is
expressed by c̄i. That is,

ci = Ki (+) Kci
c̄i = Ki (+) Kc̄i

In the DES, each extended key Ki is applied to
a message by an exclusive OR for each bit immediately
after the expansion E. In the present invention, Kci
or Kc̄i is applied in place of Ki. When Kci is applied,
its influence is removed by applying ci by exclusive OR
operation after the application of Kci. When Kc̄i is
applied, its influence is removed by applying c̄i by
exclusive OR operation after the application of Kc̄i.
The values ci and c̄i are obtained by enlarging c and c̄
according to the key schedule of the DES in the same
manner as extended keys. The value ci or c̄i may be
generated from the mask c or c̄ selected every time
encryption or decryption is performed. However, the
method of calculating ci and c̄i in advance is the
method that can suppress the leakage of information
most against observation from the outside world.
In this case, two sets of 16 48-bit masks, i.e., a
total of 1,536 bits, are prepared. When, for example,
the present invention is applied to IC cards, since
these masks can be fixed at least for each card, ci
and c̄i can be written in the ROM. This is important
especially for IC cards whose storage capacities are
severely constrained. In general, when the same number
of bits are to be stored, the area of a ROM is smaller
than that of a RAM or EEPROM. When a 1,536-bit mask is
stored in a ROM, the use efficiency of an LSI chip area
becomes higher than when the mask is stored in a RAM or
EEPROM.

FIG. 16 shows a key schedule of the DES.
Referring to FIG. 16, reference symbols PC-1 111 and
PC-2 113 denote functions each constituted
by a combination of bit selection and a permutation;
and ROT 112, cyclic shift operation. PC-1 111
discards eight bits of an externally input 64-bit key K
115 and transfers two 28-bit sequences to the cyclic
shift 112. The cyclically shifted data consisting of
a total of 56 bits is input to PC-2 113 to output
a 48-bit extended key. Referring to FIG. 16, only
the extended key corresponding to one round is output.
However, extended keys corresponding to the 2nd,
3rd, ..., 16th rounds are generated by repeating the
cyclic shift and PC-2.

FIG. 17 shows the flow of processing in a case 
wherein the present invention is applied to the key 
scheduler. 

On the key input round of the key scheduler, Kc
and Kc̄ are randomly selected by a switch SW31 with a
probability of almost 1/2 and input to a key scheduler
122. The subsequent processing in the key scheduler is
the same as key schedule processing in the general DES.
An extended key 123 to be output is Kci when the input
key is Kc, and Kc̄i when the input key is Kc̄.

FIG. 18 shows how an extended key influenced by 
a mask is applied to a message in each round function. 

A method of applying Kci or Kc̄i to a message is
generally the same as the method of applying Ki to
a message. An exclusive OR 132 applies the extended
key Kci or Kc̄i to the 48 bits output from an expansion
E 131 in units of bits by exclusive OR operation.
Since the resultant data is influenced by the mask c or
c̄, if this data is input to an S-box without any change,
correct encryption cannot be performed. For this
reason, the influence of the mask c or c̄ on the data
must be removed before it is input to the S-box.
More specifically, if the influence of the mask is
represented by ci, ci is applied to the data by
an exclusive OR 133 before the data is input to an
S-box 134. Since inversion of an exclusive OR is
an exclusive OR, the influence of ci can be removed.
This applies to a case wherein the influence of the
masks is represented by c̄i.

In this embodiment, if the mask c̄ is selected as
bit inversion of the mask c, the respective bits of
the extended key uniformly take the values "1" and "0".
This can prevent leakage of information about the key
against various types of observation from outside
the encryption apparatus. To minimize leakage of
information, ci and c̄i preferably have similar Hamming
weights. Note, however, that ci is obtained by
processing c through a key schedule. It is therefore
difficult to completely control the Hamming weights
of ci on all the rounds. Under the circumstances,
a method of selecting a mask having a Hamming weight
corresponding to 1/2 the bit size as the original mask
c may be used.

FIG. 19 is a flow chart showing the flow of
processing in an encryption method according to an
embodiment, which includes the step of masking bits
dependent on a plaintext with selected mask patterns
and the step of removing the influence of the masks
described above from the ciphertext before it is output.

When plaintext data is input (step U1), at least
one i-th mask pair is selected (step U2). With this
operation, mask patterns ai (step U3) or inverted mask
patterns āi of the mask patterns ai are selected.
The data is masked with the selected masks (step U5).
It is checked whether the next mask pair is selected
(step U6). If the selection of the next masks is
required, the processing is repeated from the step of
selecting the new i-th mask pair (step U2). If the
selection of the required mask pair is complete, an
encryption process of the data is performed (step U7).

Since the intermediate output data obtained by the
encryption process (step U7) has been masked with the
mask patterns, the i-th mask pair is determined first
(step U8) to determine whether the mask patterns ai
were used (step U9) or the inverted mask patterns āi
were used (step U10). The masks applied to the data
are removed (step U11). It is then checked whether
mask removal is complete (step U12). If masks are left,
the processing is repeated from the step of determining
the new mask pair (step U8). If mask removal is
completed by the above steps, the ciphertext is output
(step U13).

FIG. 20 is a flow chart showing the flow of
processing in an encryption method according to an
embodiment, which includes the step of removing the
influence of masks from input data to a data
translation and the step of masking the output data
from the data translation with mask patterns.

When data is input to the data translation
(step V1), an i-th mask pair is checked (step V2) to
determine whether mask patterns ai were used (step V3)
or inverted mask patterns āi of the mask patterns ai
were used (step V4). The masks applied to the data are
removed (step V5).

It is checked whether mask removal is complete
(step V6). If masks are left, the processing is
repeated from the step of checking a new mask pair
(step V2). If mask removal is completed by the above
steps, data translation is performed (step V7).

For the output data upon the above data
translation (step V7), at least one i-th mask pair is
selected (step V8), and the mask patterns ai (step V9)
or mask patterns āi (step V10) are selected. The data
is masked with the selected masks (step V11). It is
then checked whether the next mask pair is selected
(step V12). If selection of a mask pair that demands
selection of the next mask and masking are complete,
the data is output from the data translation (step V13).

FIG. 21 is a flow chart showing the flow of
processing in an encryption method according to an
embodiment, which includes the step of removing the
influence of masks from intermediate bit data during
an encryption procedure and the step of masking the
data with mask patterns.

When ciphertext intermediate value as intermediate
encryption bit data is input (step W1), an i-th mask
pair is checked (step W2) to determine whether mask
patterns ai were used (step W3) or inverted mask
patterns āi of the mask patterns ai were used (step W4).
The masks applied to the data are removed (step W5).

It is then checked whether mask removal is
complete (step W6). If masks are left, the processing
is repeated from the step of checking a new mask pair
(step W2). When mask removal is completed by the
above steps, an encryption process is performed by
an expansion E round function (step W7).

For the output data from the encryption round
function (step W7), at least one i-th mask pair is
selected to select the mask patterns ai (step W9) or
the inverted mask patterns āi (step W10). The data is
masked with the selected mask pair (step W11). It is
further checked whether the next mask pair is selected
(step W12). If selection of a mask pair that demands
selection of the next mask and masking are complete,
the ciphertext intermediate value is output (step W13).

FIG. 22 is a flow chart associated with an
encryption procedure according to an embodiment of the
present invention. When a plaintext is input (step X1),
mask patterns for masking the plaintext are selected
(step X2). Bits dependent on the plaintext are masked
with the selected mask patterns (step X3).

For an intermediate value of the encryption data
having undergone the above masking process (step X4),
mask patterns for masking the input data of a round
function are selected (step X5). The masks are removed
from the input data of the round function (step X6).
Mask patterns for masking an input to the data
translation are selected (step X7). The masks are
removed from the input data to the data translation
(step X8). The data translation then converts the
input data (step X9).

Mask patterns for masking the output from the data
translation (step X9) are selected (step X10), and the
output data from the data translation is masked with
the mask patterns (step X11). Mask patterns for
masking the output data of the round function are
selected (step X12), and the output data of the round
function is masked with the mask patterns (step X13).

It is checked whether the above procedure is
complete up to the nth round (step X14). If the
processing is not complete, the processing is repeated
from step X4. If the processing is complete up to the
nth round, mask patterns that mask the ciphertext are
selected (step X15), and the masks are removed from
the bits dependent on the ciphertext (step X16).
The finally obtained ciphertext is output (step X17).

As the processing in steps X2, X3, X15, and X16,
the processing described with reference to FIG. 19 is
performed. As the processing in steps X5, X6, X12, and
X13, the processing described with reference to FIG. 20
is performed. As the processing from step X7 to step
X11, mask determination processing, mask removal, and
concealment processing using masks are performed in one
process by using tables calculated in advance and the
like to prevent leakage of intermediate data in process.

FIG. 23 is a block diagram showing the arrangement
of an IC card that implements the encryption/decryption
apparatus, encryption/decryption method, and program
storage medium therefor according to the present
invention described above. As shown in FIG. 23, an IC
card 201 includes a CPU 203, RAM 205, ROM 207, EEPROM
209, and contactor 211. The RAM 205 is used to store
various data and as a work area or the like. The ROM
207 is used to store various data, programs, and the
like. The EEPROM 209 is used to store the programs
indicated by the flow charts of FIGS. 19 to 22 and the
like. The contactor 211 obtains electrical contact
with an IC card reader/writer (not shown). Note that
the programs shown in FIGS. 19 to 22 may be stored in
the RAM 205 or ROM 207 instead of the EEPROM 209.

In the above embodiment, the application of the
present invention to the DES scheme has been described
in detail. However, the present invention is not
limited to this and can be applied to general
encryption schemes comprised of part or all of the
following three types of functions, namely dyadic
operation like exclusive OR operation, a permutation
equivalent to bit interchange, and cipher system
equivalent to an S-box.

Additional advantages and modifications will 
readily occur to those skilled in the art. Therefore, 
the invention in its broader aspects is not limited to 
the specific details and representative embodiments 
shown and described herein. Accordingly, various 
modifications may be made without departing from the 
spirit or scope of the general inventive concept as 
defined by the appended claims and their equivalents. 



